60 Best Money Laundering Research Papers, Books and web links.

60 BEST ANTI-MONEY LAUNDERING AND COUNTER TERRORISM FINANCING RESOURCES GLOBALLY

Research into money laundering goes deeper than reading ACAMS or Linkedin. Here we have provided links to the 60 Best Money Laundering Research Papers, books and web articles.

In the coming weeks we will be blogging about these articles and what they mean to the industry. Stay tuned and register with the site (bottom of the page) if you want to get our posts via your inbox (sent once a month only – no spam!)

We would really appreciate you sharing this resource if you find it useful – it took a long time to research!! Thank you. Simply use one of the sharing links or copy the web address and post about it.

NB: Scroll left and right for small screen views

Title & LinkAuthor & Link to BibliographyDescription
(scroll to left to read)
Money launderingM Levi, P Reuter – Crime and Justice, 2006 – journals.uchicago.eduTechniques for hiding proceeds of crime include transporting cash out of the country, purchasing businesses through which funds can be channeled, buying easily transportable valuables, transfer pricing, and using “underground banks.” Since the mid-1980s …
 Dirty money: The evolution of money laundering counter-measuresWC Gilmore – 1999 – ncjrs.govThe first chapter provides an overview of the problem, as it notes that estimates of money from criminal activities range from 300 to 500 billion US dollars annually, money that is available for laundering. Such quantities of money, often linked with organized crime …
How big is global money laundering?J Walker – Journal of Money Laundering Control, 1999 – emerald.comKnown incidents of money laundering involving large amounts of money generated from crime are of tremendous public interest and are consequently given wide publicity. A wide range of national and international agencies have attempted to quantify organised crime …
 Macroeconomic implications of money launderingPJ Quirk – Washington, Fondo Monetario Internacional, WP, 1996 – elibrary.imf.orgThis paper reviews the main analytical, empirical, and policy issues related to the macroeconomic implications of money laundering. The paper discusses, first, how money laundering can be measured, given that it is unobservable, and reports cross-section …
 Chasing dirty money: The fight against money launderingP Reuter – 2005 – books.google.comOriginally developed to reduce drug trafficking, efforts to combat money foundering have broadened over the years to address other crimes and, most recently, terrorism. In this study,[the authors] look at the scale and characteristics of money laundering, describe and …
 Money laundering: a new international law enforcement modelG Stessens – 2000 – books.google.comThis book gives a broad analysis of the legal issues raised by the international fight against money laundering. It offers an extensive comparative research of the criminal and preventive law aspects from an international perspective. Stessens portrays money laundering as a …
Money laundering: muddying the macroeconomyPJ Quirk – Finance and Development, 1997 – search.proquest.comIMF staff went to a small island country to assess economic developments. As they walked around the capital, they noticed a surprisingly large number of small banks (more than 100 in a country of less than 100,000 people). A year later, it was revealed that many of these …
Money laundering and its regulationM Levi – The Annals of the American Academy of Political …, 2002 – journals.sagepub.comThis article examines definitions of” money laundering” and the conceptual and actual role its regulation plays in dealing with drug markets. If laundering is prevented, incentives to become major criminals are diminished. It identifies and critiques three aspects of harm …
Money laundering: the economics of regulationD Masciandaro – European Journal of Law and Economics, 1999 – SpringerEconomic research has not yet systematically undertaken the analysis of the existing interactions between criminal economy and financial markets. The present work belongs to a research field increasingly interested in such issues and focuses on the economic analysis of money laundering …
Money laundering: some factsF Schneider, U Windischbauer – European Journal of Law and Economics, 2008 – SpringerThis paper tackles the quite difficult topic of money laundering. After defining money laundering, and after explaining the three stages (steps), placement, layering and integration, the paper tries a quantification and estimation of the volume and development of …
Money laundering and the international financial systemV Tanzi – 1996 – ideas.repec.orgThe IMF Working Papers series is designed to make IMF staff research available to a wide audience. Almost 300 Working Papers are released each year, covering a wide range of theoretical and analytical topics, including balance of payments, monetary and fiscal issues …
Measuring Global Money Laundering:” The Walker Gravity Model”J Walker, B Unger – Review of Law & Economics, 2009 – degruyter.comMeasuring global money laundering, the proceeds of transnational crime that are pumped through the financial system worldwide, is still in its infancy. Methods such as case studies, proxy variables, or models for measuring the shadow economy all tend to under-or …
Money laundering—a global obstacleB Buchanan – Research in International Business and Finance, 2004 – ElsevierOne of the biggest obstacles to maintaining an effective operating international financial system is money laundering. A global phenomenon and international challenge, money laundering is a financial crime that often involves a complex series of transactions and …
An inquiry into money laundering tools in the Bitcoin ecosystemM Möser, R Böhme, D Breuker – 2013 APWG eCrime …, 2013 – ieeexplore.ieee.orgWe provide a first systematic account of opportunities and limitations of anti-money laundering (AML) in Bitcoin, a decentralized cryptographic currency proliferating on the Internet. Our starting point is the observation that Bitcoin attracts criminal activity as many …
 Black finance: the economics of money launderingD Masciandaro, E Takats, B Unger – 2007 – books.google.com” The recent dramatic wave of terrorist attacks has further focussed worldwide attention on the money laundering phenomena. The objective of this book is to offer the first systematic analysis of the economics of money laundering and its connection with terrorism finance …
 Critical reflections on transnational organized crime, money laundering and corruptionME Beare – 2003 – books.google.comTransnational crime, organized crime, money laundering and corruption are four concepts that have gained and continue to gain an international and domestic profile. Is the information given to the public concerning these concepts distorted by the vested interests of …
 The amounts and the effects of money launderingB Unger, M Siegel, J Ferwerda, W de Kruijf… – Report for the Ministry of …, 2006 – ftm.nl0.4. The amount of money laundered is sizeable 0.5. Where is the criminal money being laundered and placed? 0.6. The Netherlands are a transit country of crime and criminal money 0.7. What are the effects of money laundering? 0.8. The long term dangers of money  …
The consequences of money laundering and financial crimeJ McDowell, G Novis – Economic Perspectives, 2001 – ncjrs.govMoney laundering is seen as critical to the effective operation of transnational and organized crime. However, money laundering effects a country’s economy, government, and social well-being. This article briefly reviewed both the economic and social costs of money laundering …
 Money laundering: A guide for criminal investigatorsJ Madinger – 2011 – books.google.comMany changes have occurred in the twenty-five years that have passed since the enactment of the Money Laundering Control Act of 1986. The law has been amended, new underlying crimes have been added, and court decisions have modified its scope. The Act remains an …
 The hawala alternative remittance system and its role in money launderingPM Jost, HS Sandhu – 2000 – peacepalacelibrary.nlThe components of hawala that distinguish it from other remittance systems are trust and the extensive use of connections such as family relationships or regional affiliations. Unlike traditional banking or even the’chop’system, hawala makes minimal (often no) use of any …
The fight against money launderingH Geiger, O Wuensch – Journal of Money Laundering Control, 2007 – emerald.comPurpose–To provide an economic view on the costs and benefits of anti‐money laundering (AML) efforts. Design/methodology/approach–Based on a international, comparative study conducted in Switzerland, Singapore and Germany, the authors outline the impact of AML …
Bitcoin and money laundering: mining for an effective solutionD Bryans – Ind. LJ, 2014 – HeinOnlineTechnology forges ahead at a rapid pace, whether we like it or not. Criminals recognize this inevitability and use technological improvements to advance their craft,’committing crimes from half a world away in real time. Meticulous criminals also use technological …
Corruption and money laundering: a symbiotic relationshipD Chaikin, J Sharman – 2009 – Springer
 Financial havens, banking secrecy and money-launderingJA Blum, M Levi, RT Naylor, P Williams – 1998 – amnet.co.ilThe major money laundering cases coming to light in recent years share a common feature: criminal organizations are making wide use of the opportunities offered by financial havens and offshore centres to launder criminal assets, thereby creating roadblocks to criminal …
A typological study on money launderingP He – Journal of Money Laundering Control, 2010 – emerald.comPurpose–The purpose of this paper is to make objective descriptions on various money‐laundering techniques and to put forward countermeasures in order to combat money laundering more effectively and efficiently. Design/methodology/approach–This paper …
 Reference guide to anti-money laundering and combating the financing of terrorismPA Schott – 2006 – elibrary.worldbank.orgThis second edition of the Reference Guide is a comprehensive source of practical information on how countries can fight money laundering and terrorist financing. Aimed at helping countries understand the new international standards, it discusses the problems …
 Money laundering policyPC Van Duyne – Fears and Facts, 2003 – petrusvanduyne.nlIt is difficult to argue about the nature of smells. Some of them do not even have names. But one kind of smell has certainly been nominated and changed in our appreciation: the ‘moral smell’of money. Today the adage ‘money does not smell’does not apply any more. Now we …
Responding to Money LaunderingE Savona – 2005 – books.google.comResponding to Money Laundering has its origin in the International Conference on Preventing and Controlling Money Laundering and the Use of Proceeds of Crime: A Global Approach organised by ISPAC, the International Scientific and Advisory Board of the United …
 Dirty money: the evolution of international measures to counter money laundering and the financing of terrorismWC Gilmore – 2004 – books.google.comThis is the third edition of this publication which explores key issues in the fast evolving field of money laundering and terrorist financing, and which has been restructured so as to fully reflect the high international priority given to tackling the financing of terrorism since …
Money laundering and globalizationP Alldridge – Journal of law and society, 2008 – Wiley Online LibraryThe article traces the various imperatives generated by the combination of the money laundering panic of the late 1990s with the advent of globalization. If there is to be an attempt legally to regulate laundering, it (laundering) must be a relatively serious offence …
Money launderingN Morris-Cotterill – Foreign Policy, 2001 – JSTORFrom Moscow to Buenos Aires, money laundering scandals sap economies and destabilize governments. Policymakers blame crime cartels, tax havens, and new techniques like cyberlaundering. But dirty money long predates such influences. Without unified rules …
The economics of crime and money laundering: does anti-money laundering policy reduce crime?J Ferwerda – Review of Law & Economics, 2009 – degruyter.comAnti-money laundering policy has become a major issue in the Western world, especially in the United States after 9-11. Basically, all countries in the world are more or less forced to cooperate in the global fight against money laundering. In this paper, the criminalization of …
 Dirty dealing: the untold truth about global money laundering, international crime and terrorismP Lilley – 2003 – books.google.comPraise and ReviewsEntertaining, well written and well presented.JOHN MULQUEEN, The Irish TimesPaints an alarming picture of the power and scale of todays crooked and corrupt financial world. Lilley has done his homework.THE IODS DIRECTOR MAGAZINESChoice of …
System and method for analyzing and dispositioning money laundering suspicious activity alertsBJ Kloostra, C Dalvi, BN Behm – US Patent App. 12/258,784, 2009 – Google PatentsA system and method for analyzing, dispositioning, recording, reviewing, and managing potentially suspicious financial transactions. In some cases, the system models the steps taken by a subject matter expert to reach a conclusion so that a novice can follow similar …
A theory of “Crying Wolf”: The economics of money laundering enforcementE Takáts – The Journal of Law, Economics, & Organization, 2011 – academic.oup.comThe article shows how excessive reporting, called “crying wolf”, can dilute the information value of reports and how more reports can mean less information. Excessive reporting is investigated by undertaking the first formal analysis of money laundering enforcement …
Power and discourse in policy diffusion: Anti-money laundering in developing statesJC Sharman – International Studies Quarterly, 2008 – academic.oup.comTwenty years ago not a single country had a policy against money laundering; currently, over 170 have very similar anti-money laundering (AML) policies in place. Why have so many countries with so little in common adopted the same policy so rapidly? This extensive …
 Global financial crime: terrorism, money laundering and offshore centresD Masciandaro – 2017 – books.google.comThe scope for financial crime has widened with the expansion and increased integration of financial markets. Money laundering, terrorism financing and tax crime have all changed in both nature and dimension. As new technologies reduce the importance of physical …
AI fights money launderingJ Kingdon – IEEE Intelligent Systems, 2004 – ieeexplore.ieee.orgThe bank had approached Searchspace, formed by re- searchers from the Intelligent Systems Lab at University College London in 1993. It applies adaptive and learning- systems approaches to a range of business and finance tasks. However, until then, we had principally developed …
 Transnational criminal organizations, cybercrime, and money laundering: a handbook for law enforcement officers, auditors, and financial investigatorsJR Richards – 1998 – books.google.comWRITTEN BY A LAW ENFORCEMENT PROFESSIONAL FOR OTHER LAW ENFORCEMENT PERSONNEL IN THE TRENCHES This book examines the workings of organized criminals and criminal groups that transcend national boundaries. Discussions …
Trade-based money laundering and terrorist financingJS Zdanowicz – Review of law & economics, 2009 – degruyter.comMoney laundering can be defined, generally, as the process of concealing the existence, illegal source, or application of income derived from a criminal activity, and the subsequent disguising of the source of that income to make it appear legitimate. Deception is the heart of …
The tenuous relationship between the fight against money laundering and the disruption of criminal financeMF Cuéllar – J. Crim. L. & Criminology, 2002 – HeinOnlineThis article examines the fight against money laundering as a case study of the separation between an enforcement system’s objectives and performance. To launder money is to hide its illegal origin. The fight against money laundering is supposed to disrupt laundering in its …
 Detecting money laundering and terrorist financing via data miningJS Zdanowicz – Communications of the ACM, 2004 – dl.acm.orgThe use of international trade to move money, undetected, from one country to another is one of the oldest techniques used to circumvent government scrutiny. Either overvaluing imports or undervaluing exports can achieve this transfer. If an imported prod- uct is overvalued, the foreign …
Money laundering regulation: the micro economicsD Masciandaro – Journal of Money Laundering Control, 1998 – emerald.comThe analysis of the interactions between the criminal economy and the financial markets has not yet been systematically studied by the economists. This study belongs to a current research interested in this area, ie the economic analysis of money laundering. The work is …
Money laundering: The crime of the’90sGR Strafer – Am. Crim. L. Rev., 1989 – HeinOnlineIn the Money Laundering Control Act of 1986,’codified at sections 1956 and 1957 of Title 18 of the United States Code, Congress for the first time attempted to define and prohibit a category of activity known colloquially as” money laundering.” During an election year frenzy …
Applying data mining in investigating money laundering crimesZ Zhang, JJ Salerno, PS Yu – Proceedings of the ninth ACM SIGKDD …, 2003 – dl.acm.orgIn this paper, we study the problem of applying data mining to facilitate the investigation of money laundering crimes (MLCs). We have identified a new paradigm of problems—that of automatic community generation based on uni-party data, the data in which there is no direct …
Turnover of organized crime and money laundering: some preliminary empirical findingsF Schneider – Public choice, 2010 – SpringerAfter a short literature review, the paper quantifies the turnover of organized crime with the help of a MIMIC estimation procedure for the years 1995 to 2006 for 20 highly developed OECD countries. The volume of turnover from organized crime was US-270billionintheyear1995forthese20OECDc …
Money laundering: an international challengeLA Barbot – Tul. J. Int’l & Comp. L., 1995 – HeinOnlineIn the words of South American drug barons,” dirty money is best passed through clean hands.” 1 Money laundering is often defined as” the process by which one conceals the existence, illegal source or illegal application of income, and then disguises that income to …
Money laundering and its regulationA Chong, F Lopez‐De‐Silanes – Economics & Politics, 2015 – Wiley Online LibraryThe recent wave of terrorist attacks has increased the attention to money laundering activities, and the role played by the regulatory frameworks controlling feeder activities. We investigate empirically the determinants of money laundering and its regulation in close to …
 Money laundering: a concise guide for all businessD Hopton – 2009 – books.google.comWorldwide, anti-money laundering regulations and legislation have become one of the weapons of choice of governments that are fighting global terrorism and criminality. In this updated edition of Money Laundering, Doug Hopton explains how The Money Laundering  …
Virtual money laundering: the case of Bitcoin and the Linden dollarR Stokes – Information & Communications Technology Law, 2012 – Taylor & FrancisThis paper presents an analysis of the money laundering risks of two virtual currencies, the Linden dollar, the in-world currency of the interactive online environment Second Life, and Bitcoin, an experimental virtual currency that allows for the transfer of value through peer-to …
 Anti-Money Laundering: international law and practiceWH Muller, CH Kalin, JG Goldsworth – 2007 – books.google.comAnti-Money Laundering is the definitive reference on money laundering and practice. First an outline will be given of the general approach taken by supra-national organisations like the United Nations and the European Council. Next the approach taken by international …
 Crime, illicit markets, and money launderingP Williams – Managing global issues: Lessons learned, 2001 – carnegieendowment.orgPhil Williams organized crime is perhaps best understood as the continuation of commerce by illegal means, with transnational criminal organizations as the illicit counterparts of multinational corporations. During the 1990s, transnational organized crime—and the …
 Criminal finance: The political economy of money laundering in a comparative legal contextK Hinterseer – 2002 – books.google.comLike it or not, money launderers are major players in the world’s economy. Their strategies constrain national economic policies and undermine financial institutions. With the advent of secure transfer technologies, and with the help of modern financial theories of derivatives …
A comparative guide to anti-money launderingM Pieth, G Aiolfi – 2004 – academia.eduMoney laundering is the process by which criminals attempt to conceal the source and ownership of the proceeds of their illicit activities; if successful, the criminal maintains control and access to these funds when and where he chooses. The efforts to combat this …
 Money launderingFAT Force – Policy Brief July 1999, 1999 – bahamasb2b.comThe goal of a large number of criminal acts is to generate a profit for the individual or group that carries out the act. Money laundering is the processing of these criminal proceeds to disguise their illegal origin. This process is of critical importance, as it enables the criminal to …
Money Laundering: The Scope of the Problem and Attempts to Combat ItS Sultzer – Tenn. L. Rev., 1995 – HeinOnlineMoney laundering is the process of taking the proceeds of criminalactivity and making it appear legal. Money laundering has been called the” lifeblood” of crime because, without cleansing the profits of crime, the criminal enterprise cannot flourish. While drug money  …
Money laundering law: Forfeiture, confiscation, civil recovery, criminal laundering and taxation of the proceeds of crimeP Alldridge – 2003 – Bloomsbury Publishing
Money laundering and financial means of organized crime: some preliminary empirical findingsF Schneider – Paolo Baffi Centre Research Paper, 2008 – papers.ssrn.comAfter giving a short literature review, the paper tries a quantification of the volume of money laundering activities, with the help of a DYMIMIC estimation procedure for the years 1995 to 2006 for 20 highly developed OECD countries. The volume of laundered money was 273 …
Money‐Laundering: Estimates in FogPC Van Duyne – Journal of Financial Crime, 1994 – emerald.comThe paper examines certain problems in determining the extent of money‐laundering. The author first discusses the methodological problems inherent in assessing its volume. He then discusses two methods to estimate the extent of money‐laundering. One method is …

How to Hide 2 Million Barrels of Sanctioned Oil

Avoiding OFAC/UN sanctions is like a game of cat and mouse played out on the world stage. The players are office-bound analysts checking transactions for sanctioned individuals/nations, shipping lines trying to disguise their routes, customs and excise on both sides of the trade and the regulators honing in on troubled states.

Currently we have Iran and North Korea trying to peddle their wares through international trade. Oil from Iran and Coal from ‘Rocketman’ Kim Jong-un.

In this post we will describe how the two nations sneak their trades past banks and regulators using nefarious and devious tactics to avoid detection, focusing on oil from Iran.

In any deceptive activity one of the core methods is the art of disguise. And no matter what crime type, all crimes present opportunities to detect through Locard’s law. That is to say, in every crime a criminal will leave behind evidence, be that trace, physical or nowadays digital.

With that last paragraph established, any good ML analyst or Compliance Officer needs to consider how Iran is disguising activity and what can be used to link North Korea and Iran to sanction offences.

Going further, who else in the chain is culpable? What other international actors are involved in the chain – the financial chain or the customs chain?

Hide 2 million barrels of oil…

I’m going to focus on the movement of 2 million barrels of oil, at today’s prices about $64 million.

The Strait of Hormuz is a busy shipping lane. 21 million barrels of oil move through the strait every day – at least when we’re not in the middle of a pandemic anyway.

You would think moving a hulking great tanker full of oil would be impossible to do stealthily. Yet not so fast. In the image you can see the shipping traversing the strait on a busy day. Those markers are satellite tracking markers, tracking every ship on its route. The first step to break the link is to switch the tracker off.

This clearly hides the ship from satellite tracking and means the ship can go literally anywhere. So long as it stays out of the way of any military assets that will be able to spot the ship through a much more human way – the eye-ball!

So the next step is to obfuscate further by re-badging the ship to a neutral country, like the British Virgin Islands. Registering it with a ‘one ship’ company that has no place in the BVI other than to hide identity. Changing the ships name to further confuse what the tanker is doing in the strait.

Then the ship can simply meet up with another tanker and transfer the load, ship to ship out at sea or even in the strait itself. The re-badged ship will be on a bogus journey between two innocent states, making it look like the oil is coming from a legitimate source. And so the oil is transferred to the ship that then transports the oil to its destination.

An analyst searching the ships name for adverse inference will now find nothing – the new ships name can even replicate another ship on international registers further confusing the picture.

The focus now is on the paperwork. A credit letter from a credible bank to confirm buyer funds for transfer to the seller – usually from affiliate branches to large western banks and you are halfway through the financial trail. Of course not providing links to any individual or entity that is sanctioned. Credible explanation of goods in transit and value raise no flags – neither does the pick up port of the re-badged ship, nor the drop off port, which of course are both false.

Weeks later and the bill of laden offers no further insight, matching details of the credit letter and the beneficiary bank see’s no reason to suspect, so again the transaction is approved while the ship is in transit.

No alerts have flagged about the ship, the cargo nor the owners on either side as to sanctioned lists. The crime is complete.

Or is it?

There are more detailed checks that could go on to uncover this activity. A review of the historical shipping data would see the tracking switched off for significant periods. It would show the ship not following a course that indicates the identified journey is being taken, more that the ship is off track or offline altogether. The fact the ship has changed name and registration data, the fact it failed to visit ports as frequently as it ought to have, the fact its draft is wrong; these are all good red flags to something being awry.

So much so, the recipient bank should have refused the transaction and reported the activity to their local FIU.

The problem we have is putting the right tools in the hands of the Compliance Officer. Imagine a tool that identified automatically the tracking history of the ship, tracking days offline, days out of port, cargo transited and more. Imagine draft data to show the ship laden or not. Imagine data to indicate registration of the ship and identifying recent changes in ownership, name or locality. Imagine data that identifies the ship in red flag zones, like the strait.

That is all possible with the right IT provision. Now imagine it embedded with other more traditional checks, so the system flags automatically when things are not quite right. Reducing the foot-work of staff to only alert when flags are alerted collectively.

This is the provision we are planning. Building a networked solution, integrating software already in place, to facilitate one solution, one check, one result. Reducing false positives and focusing with a laser to uncover the real activity.

Talk to us for more.

AML-Resources U to Z

AML Resources U to Z

A to EF to JK to OP to TU to Z

Bring yourself up to date with this useful list of AML resources and help documents. We design training packages for your staff, the below is just a small section of our knowledge base. It is important to consider your requirement for bespoke training aligned to your risk.

See our training page to book some training

U

  • United Nations Convention Against Corruption
  • United Nations Convention Against Illicit Traffic in Narcotic Drugs and Psychotropic Substances
  • United Nations Convention for the Suppression of the Financing of Terrorism
  • United Nations Convention Against Transnational Organised Crime and the Protocols.

V

W

  • SEC Rules on Whistle-blowing
  • Wolfsberg Private Banking Principles. – The Principles were initially formulated in 2000 (and revised in 2002) to take into account certain perceived risks associated with private banking. Such risks continue to warrant appropriate levels of attention, no less today than ten years ago. Regulators continue to expect strong anti-money laundering standards, robust controls, enhanced client due diligence and suitable AML policies and procedures. The Wolfsberg Principles detail the groups considerations. –
  • Wolfsberg Guidance on Sanction Screening

X

Y

Z

A to EF to JK to OP to TU to Z

AML-Resources K to O

AML Resources K to O

A to EF to JK to OP to TU to Z

Bring yourself up to date with this useful list of AML resources and help documents. We design training packages for your staff, the below is just a small section of our knowledge base. It is important to consider your requirement for bespoke training aligned to your risk.

See our training page to book some training

K

L

M

N

  • New Zealand – Audit of AML/CTF programs and risk assessments

O

  • OECD – Standard for Automatic Exchange of Financial Account Information in Tax Matters
  • Organised Crime – United Nations Convention Against Transnational Organised Crime and the Protocols.-

A to EF to JK to OP to TU to Z

AML-Resources F to J

AML Resources F to J

A to EF to JK to OP to TU to Z

Bring yourself up to date with this useful list of AML resources and help documents. We design training packages for your staff, the below is just a small section of our knowledge base. It is important to consider your requirement for bespoke training aligned to your risk.

See our training page to book some training

F

G

H

I

J

A to EF to JK to OP to TU to Z

AML-Resources P to T

AML Resources P to T

A to EF to JK to OP to TU to Z

Bring yourself up to date with this useful list of AML resources and help documents. We design training packages for your staff, the below is just a small section of our knowledge base. It is important to consider your requirement for bespoke training aligned to your risk.

See our training page to book some training

P

  • PEPs. FATF guidance on PEPs –
  • POLICY – An Anti-Money Laundering and Terrorist Financing Policy is the document that guides all AML activity and helps your organization guide staff. It is a critical document that should detail a lead from the top of the organization. Below we provide three institutional policies for you to peruse contrast and compare (the first is a Real Estate policy, the second/third are banking policies) . We make no comment on the quality. We provide this service for you to reassure you, your policy will meet the required regulatory rigour.
  • AML/CTF Policies and Procedures template – Seek our advice before using this. –

Q

R

  • Real Estate Policy Template. NB: Seek advice this is a guide only.
  • Risk Assesment and AML/CTF program audits – New Zealand
  • Risk Assessment – BSA/AML Example – for a bank. We do not warrant the quality of this document. –

S

  • Securities Exchange Commission Rules on Whistle-blowing
  • Guidance on Sanction Screening from Wolfsberg –

T

  • Standard for Automatic Exchange of Financial Account Information in Tax Matters OECD
  • Template for AML program for a small firm – US centric NB- We do not warrant the quality of this document. You must seek our advice.
  • Template for AML/CTF Policies and Procedures – Seek our advice before using this. –
  • Template for Real Estate AML/CTF Policy. NB: Seek our advice this is a guide only.
  • Terrorism. United Nations Convention for the Suppression of the Financing of Terrorism –
  • Transparency International Exporting Corruption Report
  • Company Trusts. FATF guidance on Company formation agents and Trusts – A risk based approach to their work and the risk they face in the climate to remove hidden Beneficial Ownership. For a summary and the full report go here, or download the full report.

A to EF to JK to OP to TU to Z

How to Assess and Manage Risk in Investment Fund Management

Investment fund risk

Risk management for providers of investment funds

The provision of investment funds can involve multiple parties: the fund manager, appointed advisers, the depositary and sub-custodians, registrars and, in some cases, prime brokers. Similarly, the distribution of these funds can involve parties such as tied agents, advisory and discretionary wealth managers, platform service providers and independent financial advisers.

The type and number of parties involved in the funds distribution process depends on the nature of the fund and may affect how much the fund knows about its customer and investors. The fund or, where the fund is not itself an obliged entity, the fund manager will retain responsibility for compliance with AML/CFT obligations, although aspects of the fund’s CDD obligations may be carried out by one or more of these other parties subject to certain conditions.

Funds can simply be a store of value for criminal asset to hide the asset from other jurisdictions. It is for this reason, these type of funds are attractive to a criminal element looking to hide money. The key is to identify who they are, where the asset is from and how it was funded – this is made more difficult by the obfuscation of who really owns the investment.

Investment funds may be used by persons or entities for ML/TF purposes:

  • Retail funds are often distributed on a non-face-to-face basis; access to such funds is often easy and relatively quick to achieve, and holdings in such funds can be transferred between different parties.
  • Alternative investment funds, such as hedge funds, real estate and private equity funds, tend to have a smaller number of investors, which can be private individuals as well as institutional investors (pension funds, funds of funds). Funds that are designed for a limited number of high-net-worth individuals, or for family offices, can have an inherently higher risk of abuse for ML/TF purposes than retail funds, since investors are more likely to be in a position to exercise control over the fund assets. If investors exercise control over the assets, such funds are personal asset-holding vehicles, which are mentioned as a factor indicating potentially higher risk in Annex III to Directive (EU) 2015/849.
  • Notwithstanding the often medium- to long-term nature of the investment, which can contribute to limiting the attractiveness of these products for money laundering purposes, they may still appeal to money launderers on the basis of their ability to generate growth and income.

This post is directed at:

  • Investment fund managers performing activities under Article 3(2)(a) of Directive (EU) 2015/849; and
  • Investment funds marketing their own shares or units, under Article 3(2)(d) of Directive (EU) 2015/849.
  • Other parties involved in the provision or distribution of the fund, for example intermediaries, may have to comply with their own CDD obligations and should refer to relevant chapters in these guidelines as appropriate.
  • The post, while EU centric, is good advice and a standard setter globally.

For funds and fund managers, our general risk management post may also be relevant.

Risk factors
Product, service or transaction risk factors

The following factors may contribute to increasing the risk associated with the fund:

  • The fund is designed for a limited number of individuals or family offices, for example a private fund or single investor fund.
  • It is possible to subscribe to the fund and then quickly redeem the investment without the investor incurring significant administrative costs.
  • Units of or shares in the fund can be traded without the fund or fund manager being notified at the time of the trade and, as a result, information about the investor is divided among several subjects (as is the case with closed-ended funds traded on secondary markets).

The following factors may contribute to increasing the risk associated with the subscription:

  • The subscription involves accounts or third parties in multiple jurisdictions, in particular where these jurisdictions are associated with a high ML/TF risk as defined in our generic risk post.
  • The subscription involves third party subscribers or payees, in particular where this is unexpected.

The following factors may contribute to reducing the risk associated with the fund:

  • Third party payments are not allowed.
  • The fund is open to small-scale investors only, with investments capped.

Customer risk factors

The following factors may contribute to increasing risk:

  • The customer’s behaviour is unusual, for example:
    • The rationale for the investment lacks an obvious strategy or economic purpose or the customer makes investments that are inconsistent with the customer’s overall financial situation, where this is known to the fund or fund manager.
    • The customer asks to repurchase or redeem an investment within a short period after the initial investment or before the payout date without a clear rationale, in particular where this results in financial loss or payment of high transaction fees.
    • The customer requests the repeated purchase and sale of shares within a short period of time without an obvious strategy or economic rationale.
    • The customer transfers funds in excess of those required for the investment and asks for surplus amounts to be reimbursed.
    • The customer uses multiple accounts without previous notification, especially when these accounts are held in multiple jurisdictions or jurisdictions associated with higher ML/TF risk.
    • The customer wishes to structure the relationship in such a way that multiple parties, for example non-regulated nominee companies, are used in different jurisdictions, particularly where these jurisdictions are associated with higher ML/TF risk.
    • The customer suddenly changes the settlement location without rationale, for example by changing the customer’s country of residence.
    • The customer and the beneficial owner are located in different jurisdictions and at least one of these jurisdictions is associated with higher ML/TF risk as defined in the general part of the guidelines.
    • The beneficial owner’s funds have been generated in a jurisdiction associated with higher ML/TF risk, in particular where the jurisdiction is associated with higher levels of predicate offences to ML/TF.

The following factors may contribute to reducing risk:

  • The customer is an institutional investor whose status has been verified by an EEA government agency, for example a government-approved pensions scheme;
  • The customer is a firm in an EEA country or a third country that has AML/CFT requirements that are not less robust than those required by Directive (EU) 2015/849.

Distribution channel risk factors

The following factors may contribute to increasing risk:

  • Unclear or complex distribution channels that limit the fund’s oversight of its business relationships and restrict its ability to monitor transactions, for example the fund uses a large number of sub-distributors for distribution in third countries;
  • Uhe distributor is located in a jurisdiction associated with higher ML/TF risk as defined in the general part of these guidelines.

The following factors may indicate lower risk:

  • The fund admits only a designated type of low-risk investor, such as regulated firms investing as a principal (e.g. life companies) or corporate pension schemes.
  • The fund can be purchased and redeemed only through a firm, for example a financial intermediary, in an EEA country or a third country that has AML/CFT requirements that are not less robust than those required by Directive (EU) 2015/849.

Country or geographical risk factors

The following factors may contribute to increasing risk:

  • Investors’ monies have been generated in jurisdictions associated with higher ML/TF risk, in particular those associated with higher levels of predicate offences to money laundering.
  • The fund or fund manager invests in sectors with higher corruption risk (e.g. the extractive industries or the arms trade) in jurisdictions identified by credible sources as having significant levels of corruption or other predicate offences to ML/TF, in particular where the fund is a single investor fund or has a limited number of investors.

Measures

The measures funds or fund managers should take to comply with their CDD obligations will depend on how the customer or the investor (where the investor is not the customer) comes to the fund. The fund or fund manager should also take risk-sensitive measures to identify and verify the identity of the natural persons, if any, who ultimately own or control the customer (or on whose behalf the transaction is being conducted), for example by asking the prospective investor to declare, when they first apply to join the fund, whether they are investing on their own behalf or whether they are an intermediary investing on someone else’s behalf.

The following paragraph is referenced elsewhere in this post and should be read carefully. It dictates the level of risk and measures to be applied in each circumstance.

The customer is:

  • (A) A natural or legal person who directly purchases units of or shares in a fund on their own account, and not on behalf of other, underlying investors; or
  • (B) A firm that, as part of its economic activity, directly purchases units of or shares in its own name and exercises control over the investment for the ultimate benefit of one or more third parties who do not control the investment or investment decisions; or
  • (C) A firm, for example a financial intermediary, that acts in its own name and is the registered owner of the shares or units but acts on the account of, and pursuant to specific instructions from, one or more third parties (e.g. because the financial intermediary is a nominee, broker, multi-client pooled account/omnibus type account operator or operator of a similar passive-type arrangement); or
  • (D) A firm’s customer, for example a financial intermediary’s customer, where the firm is not the registered owner of the shares or units (e.g. because the investment fund uses a financial intermediary to distribute fund shares or units, and the investor purchases units or shares through the firm and the firm does not become the legal owner of the units or shares).

In the situations described in bullet points ‘A’ and ‘B’ above, examples of SDD and EDD measures a fund or fund manager should apply in high-risk situations include:

  • Obtaining additional customer information, such as the customer’s reputation and background, before the establishment of the business relationship;
  • Taking additional steps to further verify the documents, data or information obtained;
  • Obtaining information on the source of funds and/or the source wealth of the customer and of the customer’s beneficial owner;
  • Requiring that the redemption payment is made through the initial account used for investment or an account in the sole or joint name of the customer;
  • Increasing the frequency and intensity of transaction monitoring;
  • Requiring that the first payment is made through a payment account held in the sole or joint name of the customer with an EEA-regulated credit or financial institution or a regulated credit or financial institution in a third country that has AML/CFT requirements that are not less robust than those required by Directive (EU) 2015/849;
  • Obtaining approval from senior management at the time of the transaction when a customer uses a product or service for the first time;
  • Enhanced monitoring of the customer relationship and individual transactions.

In lower risk situations, to the extent permitted by national legislation, and provided that the funds are verifiably being transferred to or from a payment account held in the customer’s sole or joint name with an EEA-regulated credit or financial institution, an example of the SDD measures the fund or fund manager may apply is using the source of funds to meet some of the CDD requirements.

SDD and EDD measures to be taken in situations described in bullet point ‘C’ above.

In the situations described in ‘C’ (above), where the financial intermediary is the fund or fund manager’s customer, the fund or fund manager should apply risk-sensitive CDD measures to the financial intermediary. The fund or fund manager should also take risk- sensitive measures to identify, and verify the identity of, the investors underlying the financial intermediary, as these investors are beneficial owners of the funds invested through the intermediary. To the extent permitted by national law, in low-risk situations, funds or fund managers may apply SDD measures similar to those described in the ‘pooled accounts section of our Retail Banking Risks post, subject to the following conditions:

  • The financial intermediary is subject to AML/CFT obligations in an EEA jurisdiction or in a third country that has AML/CFT requirements that are not less robust than those required by Directive (EU) 2015/849.
  • The financial intermediary is effectively supervised for compliance with these requirements.
  • The fund or fund manager has taken risk-sensitive steps to be satisfied that the ML/TF risk associated with the business relationship is low, based on, inter alia, the fund or fund manager’s assessment of the financial intermediary’s business, the types of clients the intermediary’s business serves and the jurisdictions the intermediary’s business is exposed to.
  • The fund or fund manager has taken risk-sensitive steps to be satisfied that the intermediary applies robust and risk-sensitive CDD measures to its own customers and its customers’ beneficial owners. As part of this, the fund or fund manager should take risk-sensitive measures to assess the adequacy of the intermediary’s CDD policies and procedures, for example by referring to publicly available information about the intermediary’s compliance record or liaising directly with the intermediary.
  • The fund or fund manager has taken risk-sensitive steps to be satisfied that the intermediary will provide CDD information and documents on the underlying investors immediately upon request, for example by including relevant provisions in a contract with the intermediary or by sample-testing the intermediary’s ability to provide CDD information upon request.

Where the risk is increased, in particular where the fund is designated for a limited number of investors, EDD measures must apply and may include those set out above relating to higher risk (A and B in the bullet list)

SDD and EDD measures to be taken in situations described in bullet point ‘D’ above.

In the situations described in bullet point ‘D’ above, the fund or fund manager should apply risk-sensitive CDD measures to the ultimate investor as the fund or fund manager’s customer. To meet its CDD obligations, the fund or fund manager may rely upon the intermediary in line with, and subject to, the conditions set out in Chapter II, Section 4, of Directive (EU) 2015/849.

To the extent permitted by national law, in low-risk situations, funds or fund managers may apply SDD measures. Provided that the conditions listed in relation to the risk for a ‘C’ classified customer are met, SDD measures may consist of the fund or fund manager obtaining identification data from the fund’s share register, together with the information specified in Article 27(1) of Directive (EU) 2015/849, which the fund or fund manager must obtain from the intermediary within a reasonable time-frame. The fund or fund manager should set that time-frame in line with the risk-based approach.

Where the risk is increased, in particular where the fund is designated for a limited number of investors, EDD measures must apply and may include those set out in the measures for customers identified as bullet points ‘A’ and ‘B’ above.

How To Assess and Manage Risk with Wealth Management

Wealth Management

Guidelines to manage risk within wealth management

Wealth management is the provision of banking and other financial services to high-net- worth individuals and their families or businesses. It is also known as private banking. Clients of wealth management firms can expect dedicated relationship management staff to provide tailored services covering, for example, banking (e.g. current accounts, mortgages and foreign exchange), investment management and advice, fiduciary services, safe custody, insurance, family office services, tax and estate planning and associated facilities, including legal support.

Many of the features typically associated with wealth management, such as wealthy and influential clients; very high-value transactions and portfolios; complex products and services, including tailored investment products; and an expectation of confidentiality and discretion are indicative of a higher risk for money laundering relative to those typically present in retail banking. Wealth management firms’ services may be particularly vulnerable to abuse by clients who wish to conceal the origins of their funds or, for example, evade tax in their home jurisdiction.

Firms in this sector should consider the following risk factors and measures alongside those set out in our general post on Risk Management.

Risk factors
Product, service and transaction risk factors

The following factors may contribute to increasing risk:

  • Customers requesting large amounts of cash or other physical stores of value such as precious metals;
  • Very high-value transactions;
  • Financial arrangements involving jurisdictions associated with higher ML/TF risk (firms should pay particular attention to countries that have a culture of banking secrecy or that do not comply with international tax transparency standards);
  • Lending (including mortgages) secured against the value of assets in other jurisdictions, particularly countries where it is difficult to ascertain whether the customer has legitimate title to the collateral, or where the identities of parties guaranteeing the loan are hard to verify;
  • The use of complex business structures such as trusts and private investment vehicles, particularly where the identity of the ultimate beneficial owner may be unclear;
  • Business taking place across multiple countries, particularly where it involves multiple providers of financial services;
  • Cross-border arrangements where assets are deposited or managed in another financial institution, either of the same financial group or outside of the group, particularly where the other financial institution is based in a jurisdiction associated with higher ML/TF risk. Firms should pay particular attention to jurisdictions with higher levels of predicate offences, a weak AML/CFT regime or weak tax transparency standards.

Customer risk factors

The following factors may contribute to increasing risk:

  • Customers with income and/or wealth from high-risk sectors such as arms, the extractive industries, construction, gambling or private military contractors.
  • Customers about whom credible allegations of wrongdoing have been made.
  • Customers who expect unusually high levels of confidentiality or discretion.
  • Customers whose spending or transactional behaviour makes it difficult to establish ‘normal’, or expected patterns of behaviour.
  • Very wealthy and influential clients, including customers with a high public profile, non-resident customers and PEPs. Where a customer or a customer’s beneficial owner is a PEP, firms must always apply EDD in line with Articles 18 to 22 of Directive (EU) 2015/849.
  • The customer requests that the firm facilitates the customer being provided with a product or service by a third party without a clear business or economic rationale.

Country or geographical risk factors

The following factors may contribute to increasing risk:

  • Business is conducted in countries that have a culture of banking secrecy or do not comply with international tax transparency standards.
  • The customer lives in, or their funds derive from activity in, a jurisdiction associated with higher ML/TF risk.

Measures

The staff member managing a wealth management firm’s relationship with a customer (the relationship manager) should play a key role in assessing risk. The relationship manager’s close contact with the customer will facilitate the collection of information that allows a fuller picture of the purpose and nature of the customer’s business to be formed (e.g. an understanding of the client’s source of wealth, why complex or unusual arrangements may nonetheless be genuine and legitimate, or why extra security may be appropriate). This close contact may, however, also lead to conflicts of interest if the relationship manager becomes too close to the customer, to the detriment of the firm’s efforts to manage the risk of financial crime.

Consequently, independent oversight of risk assessment will also be appropriate, provided by, for example, the compliance department and senior management. It is particularly prudent to thoroughly ensure outsourced Compliance firms are well trained and up to date with current regulations, processes and practices – especially where they have a relationship with the relationship manager and no contact with the client.

Enhanced customer due diligence

The following EDD measures may be appropriate in high-risk situations:

  • Obtaining and verifying more information about clients than in standard risk situations and reviewing and updating this information both on a regular basis and when prompted by material changes to a client’s profile. Firms should perform reviews on a risk-sensitive basis, reviewing higher risk clients at least annually but more frequently if risk dictates. These procedures may include those for recording any visits to clients’ premises, whether at their home or business, including any changes to client profile or other information that may affect risk assessment that these visits prompt.
  • Establishing the source of wealth and funds; where the risk is particularly high and/or where the firm has doubts about the legitimate origin of the funds, verifying the source of wealth and funds may be the only adequate risk mitigation tool. The source of funds or wealth can be verified, by reference to, inter alia:
    • An original or certified copy of a recent pay slip;
    • Written confirmation of annual salary signed by an employer;
    • An original or certified copy of contract of sale of, for example, investments or a company;
    • Written confirmation of sale signed by an advocate or solicitor;
    • An original or certified copy of a will or grant of probate;
    • Written confirmation of inheritance signed by an advocate, solicitor, trustee or executor;
    • An internet search of a company registry to confirm the sale of a company.
  • Establishing the destination of funds.
  • Performing greater levels of scrutiny and due diligence on business relationships than would be typical in mainstream financial service provision, such as in retail banking or investment management.
  • Carrying out an independent internal review and, where appropriate, seeking senior management approval of new clients and existing clients on a risk-sensitive basis.
  • Monitoring transactions on an ongoing basis, including, where necessary, reviewing each transaction as it occurs, to detect unusual or suspicious activity. This may include measures to determine whether any of the following are out of line with the business risk profile:
    • Transfers (of cash, investments or other assets);
    • The use of wire transfers;
    • Significant changes in activity;
    • Transactions involving jurisdictions associated with higher ML/TF risk.
  • Monitoring measures may include the use of thresholds, and an appropriate review process by which unusual behaviours are promptly reviewed by relationship management staff or (at certain thresholds) the compliance functions or senior management.
  • Monitoring public reports or other sources of intelligence to identify information that relates to clients or to their known associates, businesses to which they are connected, potential corporate acquisition targets or third party beneficiaries to whom the client makes payments.
  • Ensuring that cash or other physical stores of value (e.g. travellers’ cheques) are handled only at bank counters, and never by relationship managers.
  • Ensuring that the firm is satisfied that a client’s use of complex business structures such as trusts and private investment vehicles is for legitimate and genuine purposes, and that the identity of the ultimate beneficial owner is understood.

Simplified customer due diligence

Simplified due diligence is not appropriate in a wealth management context.

How to Assess and Manage Risk in Retail Banking

Retail Banking

How to assess and manage AML and TF risk in Retail Banking

For the purpose of this post, retail banking means the provision of banking services to natural persons and small and medium-sized enterprises. Examples of retail banking products and services include current accounts, mortgages, savings accounts, consumer and term loans, and credit lines.

Due to the nature of the products and services offered, the relative ease of access and the often large volume of transactions and business relationships, retail banking is vulnerable to terrorist financing and to all stages of the money laundering process. At the same time, the volume of business relationships and transactions associated with retail banking can make identifying ML/TF risk associated with individual relationships and spotting suspicious transactions particularly challenging.

Banks should consider the following risk factors and measures alongside those set out in our general risk management post.

Risk factors

Product, service and transaction risk factors

The following factors may contribute to increasing risk:

  • The product’s features favour anonymity;
  • The product allows payments from third parties that are neither associated with the product nor identified upfront, where such payments would not be expected, for example for mortgages or loans;
  • The product places no restrictions on turnover, cross-border transactions or similar product features;
  • New products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and existing products where these are not yet well understood;
  • Lending (including mortgages) secured against the value of assets in other jurisdictions, particularly countries where it is difficult to ascertain whether the customer has legitimate title to the collateral, or where the identities of parties guaranteeing the loan are hard to verify;
  • An unusually high volume or large value of transactions.

The following factors may contribute to reducing risk:

  • The product has limited functionality, for example in the case of:
    • A fixed term savings product with low savings thresholds;
    • A product where the benefits cannot be realised for the benefit of a third party;
    • A product where the benefits are only realisable in the long term or for a specific purpose, such as retirement or a property purchase;
    • A low-value loan facility, including one that is conditional on the purchase of a specific consumer good or service; or
    • A low-value product, including a lease, where the legal and beneficial title to the asset is not transferred to the customer until the contractual relationship is terminated or is never passed at all.
  • The product can only be held by certain categories of customers, for example pensioners, parents on behalf of their children, or minors until they reach the age of majority.
  • Transactions must be carried out through an account in the customer’s name at a credit or financial institution that is subject to AML/CFT requirements that are not less robust than those required by Directive (EU) 2015/849.
  • There is no over-payment facility.

Customer risk factors

The following factors may contribute to increasing risk:

  • The nature of the customer, for example:
    • The customer is a cash-intensive undertaking.
    • The customer is an undertaking associated with higher levels of money laundering risk, for example certain money remitters and gambling businesses.
    • The customer is an undertaking associated with a higher corruption risk, for example operating in the extractive industries or the arms trade.
    • The customer is a non-profit organisation that supports jurisdictions associated with an increased TF risk
    • The customer is a new undertaking without an adequate business profile or track record.
    • The customer is a non-resident. Banks should note that Article 16 of Directive 2014/92/EU creates a right for consumers who are legally resident in the European Union to obtain a basic bank account, although the right to open and use a basic payment account applies only to the extent that banks can comply with their AML/CFT obligations and does not exempt banks from their obligation to identify and assess ML/TF risk, including the risk associated with the customer not being a resident of the Member State in which the bank is based.
    • The customer’s beneficial owner cannot easily be identified, for example because the customer’s ownership structure is unusual, unduly complex or opaque, or because the customer issues bearer shares.
  • The customer’s behaviour, for example:
    • The customer is reluctant to provide CDD information or appears deliberately to avoid face-to-face contact.
    • The customer’s evidence of identity is in a non-standard form for no apparent reason.
    • The customer’s behaviour or transaction volume is not in line with that expected from the category of customer to which they belong, or is unexpected based on the information the customer provided at account opening.
    • The customer’s behaviour is unusual, for example the customer unexpectedly and without reasonable explanation accelerates an agreed repayment schedule, by means either of lump sum repayments or early termination; deposits or demands payout of high-value bank notes without apparent reason; increases activity after a period of dormancy; or makes transactions that appear to have no economic rationale.

The following factor may contribute to reducing risk:

  • The customer is a long-standing client whose previous transactions have not given rise to suspicion or concern, and the product or service sought is in line with the customer’s risk profile.

Country or geographical risk factors

The following factors may contribute to increasing risk:

  • The customer’s funds are derived from personal or business links to jurisdictions associated with higher ML/TF risk.
  • The payee is located in a jurisdiction associated with higher ML/TF risk. Firms should pay particular attention to jurisdictions known to provide funding or support for terrorist activities or where groups committing terrorist offences are known to be operating, and jurisdictions subject to financial sanctions, embargoes or measures that are related to terrorism, financing of terrorism or proliferation.

The following factor may contribute to reducing risk:

  • Countries associated with the transaction have an AML/CFT regime that is not less robust than that required under Directive (EU) 2015/849 and are associated with low levels of predicate offences.

Distribution channel risk factors

The following factors may contribute to increasing risk:

  • Non-face-to-face business relationships, where no adequate additional safeguards – for example electronic signatures, electronic identification certificates issued in accordance with Regulation EU (No) 910/2014 and anti-impersonation fraud checks – are in place;
  • Reliance on a third party’s CDD measures in situations where the bank does not have a long-standing relationship with the referring third party;
  • New delivery channels that have not been tested yet.

The following factor may contribute to reducing risk:

  • The product is available only to customers who meet specific eligibility criteria set out by national public authorities, as in the case of state benefit recipients or specific savings products for children registered in a particular Member State.

Measures

Where banks use automated systems to identify ML/TF risk associated with individual business relationships or occasional transactions and to identify suspicious transactions, they should ensure that these systems are fit for purpose in line with the criteria set out in our generic risk assessment post. The use of automated IT systems should never be considered a substitute for staff vigilance.

Enhanced customer due diligence

Where the risk associated with a business relationship or occasional transaction is increased, banks must apply EDD measures. These may include:

  • Verifying the customer’s and the beneficial owner’s identity on the basis of more than one reliable and independent source.
  • Identifying, and verifying the identity of, other shareholders who are not the customer’s beneficial owner or any natural persons who have authority to operate an account or give instructions concerning the transfer of funds or the transfer of securities.
  • Obtaining more information about the customer and the nature and purpose of the business relationship to build a more complete customer profile, for example by carrying out open source or adverse media searches or commissioning a third party intelligence report. Examples of the type of information banks may seek include:
    • The nature of the customer’s business or employment;
    • The source of the customer’s wealth and the source of the customer’s funds that are involved in the business relationship, to be reasonably satisfied that these are legitimate;
    • The purpose of the transaction, including, where appropriate, the destination of the customer’s funds;
    • Information on any associations the customer might have with other jurisdictions (headquarters, operating facilities, branches, etc.) and the individuals who may influence its operations; or
    • Where the customer is based in another country, why they seek retail banking services outside their home jurisdiction.
  • Increasing the frequency of transaction monitoring.
  • Reviewing and, where necessary, updating information and documentation held more frequently. Where the risk associated with the relationship is particularly high, banks should review the business relationship annually.

Simplified customer due diligence

In low-risk situations, and to the extent permitted by national legislation, banks may apply SDD measures, which may include:

  • For customers that are subject to a statutory licensing and regulatory regime, verifying identity based on evidence of the customer being subject to that regime, for example through a search of the regulator’s public register;
  • Verifying the customer’s and, where applicable, the beneficial owner’s identities during the establishment of the business relationship in accordance with Article 14(2) of Directive (EU) 2015/849;
  • Assuming that a payment drawn on an account in the sole or joint name of the customer at a regulated credit or financial institution in an EEA country satisfies the requirements stipulated by Article 13(1)(a) and (b) of Directive (EU) 2015/849;
  • Accepting alternative forms of identity that meet the independent and reliable source criterion in Article 13(1)(a) of Directive (EU) 2015/849, such as a letter from a government agency or other reliable public body to the customer, where there are reasonable grounds for the customer not to be able to provide standard evidence of
  • Identity and provided that there are no grounds for suspicion;
  • Updating CDD information only in case of specific trigger events, such as the customer requesting a new or higher risk product, or changes in the customer’s behaviour or transaction profile that suggest that the risk associated with the relationship is no longer low.

Pooled accounts

Where a bank’s customer opens a ‘pooled account’ in order to administer funds that belong to the customer’s own clients, the bank should apply full CDD measures, including treating the customer’s clients as the beneficial owners of funds held in the pooled account and verifying their identities.

Where there are indications that the risk associated with the business relationship is high, banks must apply EDD measures as appropriate.

However, to the extent permitted by national legislation, where the risk associated with the business relationship is low and subject to the conditions set out below, a bank may apply SDD measures provided that:

  • The customer is a firm that is subject to AML/CFT obligations in an EEA state or a third country with an AML/CFT regime that is not less robust than that required by Directive (EU) 2015/849, and is supervised effectively for compliance with these requirements.
  • The customer is not a firm but another obliged entity that is subject to AML/CFT obligations in an EEA state and is supervised effectively for compliance with these requirements.
  • The ML/TF risk associated with the business relationship is low, based on the bank’s assessment of its customer’s business, the types of clients the customer’s business serves and the jurisdictions the customer’s business is exposed to, among other considerations;
  • The bank is satisfied that the customer applies robust and risk-sensitive CDD measures to its own clients and its clients’ beneficial owners (it may be appropriate for the bank to take risk-sensitive measures to assess the adequacy of its customer’s CDD policies and procedures, for example by liaising directly with the customer); and
  • The bank has taken risk-sensitive steps to be satisfied that the customer will provide CDD information and documents on its underlying clients that are the beneficial owners of funds held in the pooled account immediately upon request, for example by including relevant provisions in a contract with the customer or by sample-testing the customer’s ability to provide CDD information upon request.

Where the conditions for the application of SDD to pooled accounts are met, SDD measures may consist of the bank:

  • Identifying and verifying the identity of the customer, including the customer’s beneficial owners (but not the customer’s underlying clients);
  • Assessing the purpose and intended nature of the business relationship; and
  • Conducting ongoing monitoring of the business relationship.

How To Assess and Managing Risk – AML and TF

How to Assess and Manage Risk

The guidance in this post comes from the EU. It can and is applied globally as best practice.

Assessing and managing risk: general

These guidelines come in two parts. This part is general and applies to all firms. Part 2 is sector-specific. Both parts should be read in conjunction with each other to achieve the most rounded view-point, when reviewing risk for a specific sector of the industry (retail banking or Wealth Management as examples).

Firms’ approach to assessing and managing the ML/TF risk associated with business relationships and occasional transactions should include the following:

  • Business-wide risk assessments should help firms understand where they are exposed to ML/TF risk and which areas of their business they should prioritise in the fight against ML/TF. To that end, and in line with Article 8 of Directive (EU) 2015/849, firms should identify and assess the ML/TF risk associated with the products and services they offer, the jurisdictions they operate in, the customers they attract and the transaction or delivery channels they use to service their customers. The steps firms take to identify and assess ML/TF risk across their business must be proportionate to the nature and size of each firm. Firms that do not offer complex products or services and that have limited or no international exposure may not need an overly complex or sophisticated risk assessment.

Customer Due Diligence (CDD)

  • Firms should use the findings from their business-wide risk assessment to inform their decision on the appropriate level and type of CDD that they will apply to individual business relationships and occasional transactions.
  • Before entering into a business relationship or carrying out an occasional transaction, firms should apply initial CDD in line with Article 13(1)(a), (b) and (c) and Article 14(4) of Directive (EU) 2015/849. Initial CDD should include at least risk-sensitive measures to:
    • identify the customer and, where applicable, the customer’s beneficial owner or legal representatives;
    • verify the customer’s identity on the basis of reliable and independent sources and, where applicable, verify the beneficial owner’s identity in such a way that the firm is satisfied that it knows who the beneficial owner is; and
    • establish the purpose and intended nature of the business relationship.
  • Firms should adjust the extent of initial CDD measures on a risk-sensitive basis. Where the risk associated with a business relationship is low, and to the extent permitted by national legislation, firms may be able to apply simplified customer due diligence measures (SDD). Where the risk associated with a business relationship is increased, firms must apply enhanced customer due diligence measures (EDD).

Obtaining a holistic view

  • Firms should gather sufficient information to be satisfied that they have identified all relevant risk factors, including, where necessary, by applying additional CDD measures, and assess those risk factors to obtain a holistic view of the risk associated with a particular business relationship or occasional transaction. Firms should note that the risk factors listed in these guidelines are not exhaustive, and that there is no expectation that firms will consider all risk factors in all cases.

Monitoring and Review

  • Firms must keep their risk assessment up to date and under review. Firms must monitor transactions to ensure that they are in line with the customer’s risk profile and business and, where necessary, examine the source of funds, to detect possible ML/TF. They must also keep the documents, data or information they hold up to date, with a view to understanding whether the risk associated with the business relationship has changed.

Risk assessments: methodology and risk factors

A risk assessment should consist of two distinct but related steps:
a) the identification of ML/TF risk; and
b) the assessment of ML/TF risk.

Identifying ML/TF risk

Firms should find out which ML/TF risks they are, or would be, exposed to as a result of entering into a business relationship or carrying out an occasional transaction.

When identifying ML/TF risks associated with a business relationship or occasional transaction, firms should consider relevant risk factors including who their customer is, the countries or geographical areas they operate in, the particular products, services and transactions the customer requires and the channels the firm uses to deliver these products, services and transactions.

Sources of information

Where possible, information about these ML/TF risk factors should come from a variety of sources, whether these are accessed individually or through commercially available tools or databases that pool information from several sources. Firms should determine the type and numbers of sources on a risk-sensitive basis.

Firms should always consider the following sources of information:

  • The European Commission’s supranational risk assessment;
  • Information from government, such as the government’s national risk assessments, policy statements and alerts, and explanatory memorandums to relevant legislation;
  • Information from regulators, such as guidance and the reasoning set out in regulatory fines;
  • Information from Financial Intelligence Units (FIUs) and law enforcement agencies, such as threat reports, alerts and typologies; and
  • Information obtained as part of the initial CDD process.

Other sources of information firms may consider in this context may include, among others:

  • The firm’s own knowledge and professional expertise;
  • Information from industry bodies, such as typologies and emerging risks;
  • Information from civil society, such as corruption indices and country reports;
  • Information from international standard-setting bodies such as mutual evaluation reports or legally non-binding blacklists;
  • Information from credible and reliable open sources, such as reports in reputable newspapers;
  • Information from credible and reliable commercial organisations, such as risk and intelligence reports; and
  • Information from statistical organisations and academia.

Risk factors

Firms should note that the following risk factors are not exhaustive, nor is there an expectation that firms will consider all risk factors in all cases. Firms should take a holistic view of the risk associated with the situation and note that, unless Directive (EU) 2015/849 or national legislation states otherwise, the presence of isolated risk factors does not necessarily move a relationship into a higher or lower risk category.

Customer risk factors

When identifying the risk associated with their customers, including their customers’ beneficial owners, firms should consider the risk related to:

  • The customer’s and the customer’s beneficial owner’s business or professional activity;
  • The customer’s and the customer’s beneficial owner’s reputation; and
  • The customer’s and the customer’s beneficial owner’s nature and behaviour.

Risk factors that may be relevant when considering the risk associated with a customer’s or a customer’s beneficial owner’s business or professional activity include:

  • Does the customer or beneficial owner have links to sectors that are commonly associated with higher corruption risk, such as construction, pharmaceuticals and healthcare, the arms trade and defence, the extractive industries or public procurement?
  • Does the customer or beneficial owner have links to sectors that are associated with higher ML/TF risk, for example certain Money Service Businesses, casinos or dealers in precious metals?
  • Does the customer or beneficial owner have links to sectors that involve significant amounts of cash?
  • Where the customer is a legal person or a legal arrangement, what is the purpose of their establishment? For example, what is the nature of their business?
  • Does the customer have political connections, for example, are they a Politically Exposed Person (PEP), or is their beneficial owner a PEP? Does the customer or beneficial owner have any other relevant links to a PEP, for example are any of the customer’s directors PEPs and, if so, do these PEPs exercise significant control over the customer or beneficial owner? Where a customer or their beneficial owner is a PEP, firms must always apply EDD measures in line with Article 20 of Directive (EU) 2015/849.
  • Does the customer or beneficial owner hold another prominent position or enjoy a high public profile that might enable them to abuse this position for private gain? For example, are they senior local or regional public officials with the ability to influence the awarding of public contracts, decision-making members of high-profile sporting bodies or individuals who are known to influence the government and other senior decision-makers?
  • Is the customer a legal person subject to enforceable disclosure requirements that ensure that reliable information about the customer’s beneficial owner is publicly
  • For guidance on risk factors associated with beneficiaries of life insurance policies, please refer to ‘Insurance Risk’.
  • Is the customer a credit or financial institution acting on its own account from a jurisdiction with an effective AML/CFT regime and is it supervised for compliance with local AML/CFT obligations? Is there evidence that the customer has been subject to supervisory sanctions or enforcement for failure to comply with AML/CFT obligations or wider conduct requirements in recent years?
  • Is the customer a public administration or enterprise from a jurisdiction with low levels of corruption?
  • Is the customer’s or the beneficial owner’s background consistent with what the firm knows about their former, current or planned business activity, their business’s turnover, the source of funds and the customer’s or beneficial owner’s source of wealth?

The following risk factors may be relevant when considering the risk associated with a customer’s or beneficial owners’ reputation:

  • Are there adverse media reports or other relevant sources of information about the customer, for example are there any allegations of criminality or terrorism against the customer or the beneficial owner? If so, are these reliable and credible? Firms should determine the credibility of allegations on the basis of the quality and independence of the source of the data and the persistence of reporting of these allegations, among other considerations. Firms should note that the absence of criminal convictions alone may not be sufficient to dismiss allegations of wrongdoing.
  • Has the customer, beneficial owner or anyone publicly known to be closely associated with them had their assets frozen due to administrative or criminal proceedings or allegations of terrorism or terrorist financing? Does the firm have reasonable grounds to suspect that the customer or beneficial owner or anyone publicly known to be closely associated with them has, at some point in the past, been subject to such an asset freeze?
  • Does the firm know if the customer or beneficial owner has been the subject of a suspicious transactions report in the past?
  • Does the firm have any in-house information about the customer’s or the beneficial owner’s integrity, obtained, for example, in the course of a long-standing business relationship?

The following risk factors may be relevant when considering the risk associated with a customer’s or beneficial owner’s nature and behaviour; firms should note that not all of these risk factors will be apparent at the outset; they may emerge only once a business relationship has been established:

  • Does the customer have legitimate reasons for being unable to provide robust evidence of their identity, perhaps because they are an asylum seeker?
  • Does the firm have any doubts about the veracity or accuracy of the customer’s or beneficial owner’s identity?
  • Are there indications that the customer might seek to avoid the establishment of a business relationship? For example, does the customer look to carry out one transaction or several one-off transactions where the establishment of a business relationship might make more economic sense?
  • Is the customer’s ownership and control structure transparent and does it make sense? If the customer’s ownership and control structure is complex or opaque, is there an obvious commercial or lawful rationale?
  • Does the customer issue bearer shares or does it have nominee shareholders?
  • Is the customer a legal person or arrangement that could be used as an asset-holding vehicle?
  • Is there a sound reason for changes in the customer’s ownership and control structure?
  • Does the customer request transactions that are complex, unusually or unexpectedly large or have an unusual or unexpected pattern without an apparent economic or lawful purpose or a sound commercial rationale? Are there grounds to suspect that the customer is trying to evade specific thresholds such as those set out in Article 11(b) of Directive (EU) 2015/849 and national law where applicable?
  • Does the customer request unnecessary or unreasonable levels of secrecy? For example, is the customer reluctant to share CDD information, or do they appear to want to disguise the true nature of their business?
  • Can the customer’s or beneficial owner’s source of wealth or source of funds be easily explained, for example through their occupation, inheritance or investments? Is the explanation plausible?
  • Does the customer use the products and services they have taken out as expected when the business relationship was first established?
  • Where the customer is a non-resident, could their needs be better serviced elsewhere? Is there a sound economic and lawful rationale for the customer requesting the type of financial service sought? Firms should note that Article 16 of Directive 2014/92/EU creates a right for customers who are legally resident in the Union to obtain a basic payment account, but this right applies only to the extent that credit institutions can comply with their AML/CFT obligations.
  • Is the customer a non-profit organisation whose activities could be abused for terrorist financing purposes?

Countries and geographical areas

When identifying the risk associated with countries and geographical areas, firms should consider the risk related to:

  • The jurisdictions in which the customer and beneficial owner are based;
  • The jurisdictions that are the customer’s and beneficial owner’s main places of business; and
  • The jurisdictions to which the customer and beneficial owner have relevant personal links.

Firms should note that the nature and purpose of the business relationship will often determine the relative importance of individual country and geographical risk factors. For example:

  • Where the funds used in the business relationship have been generated abroad, the level of predicate offences to money laundering and the effectiveness of a country’s legal system will be particularly relevant.
  • Where funds are received from, or sent to, jurisdictions where groups committing terrorist offences are known to be operating, firms should consider to what extent this could be expected to or might give rise to suspicion, based on what the firm knows about the purpose and nature of the business relationship.
  • Where the customer is a credit or financial institution, firms should pay particular attention to the adequacy of the country’s AML/CFT regime and the effectiveness of AML/CFT supervision.
  • Where the customer is a legal vehicle or trust, firms should take into account the extent to which the country in which the customer and, where applicable, the beneficial owner are registered effectively complies with international tax transparency standards.

Risk factors firms should consider when identifying the effectiveness of a jurisdiction’s AML/CFT regime include:

  • Has the country been identified by the Commission as having strategic deficiencies in its AML/CFT regime, in line with Article 9 of Directive (EU) 2015/849? Where firms deal with natural or legal persons resident or established in third countries that the Commission has identified as presenting a high ML/TF risk, firms must always apply EDD measures.
  • Is there information from more than one credible and reliable source about the quality of the jurisdiction’s AML/CFT controls, including information about the quality and effectiveness of regulatory enforcement and oversight? Examples of possible sources include mutual evaluation reports by the Financial Action Task Force (FATF) or FATF-style Regional Bodies (FSRBs) (a good starting point is the executive summary and key findings and the assessment of compliance with Recommendations 10, 26 and 27 and Immediate Outcomes 3 and 4), the FATF’s list of high-risk and non- cooperative jurisdictions, International Monetary Fund (IMF) assessments and Financial Sector Assessment Programme (FSAP) reports. Firms should note that membership of the FATF or an FSRB (e.g. MoneyVal) does not, of itself, mean that the jurisdiction’s AML/CFT regime is adequate and effective.
  • Firms should note that Directive (EU) 2015/849 does not recognise the ‘equivalence’ of third countries and that EU Member States’ lists of equivalent jurisdictions are no longer being maintained. To the extent permitted by national legislation, firms should be able to identify lower risk jurisdictions in line with these guidelines and Annex II of Directive (EU) 2015/849.

Risk factors firms should consider when identifying the level of terrorist financing risk associated with a jurisdiction include:

  • Is there information, for example from law enforcement or credible and reliable open media sources, suggesting that a jurisdiction provides funding or support for terrorist activities or that groups committing terrorist offences are known to be operating in the country or territory?
  • Is the jurisdiction subject to financial sanctions, embargoes or measures that are related to terrorism, financing of terrorism or proliferation issued by, for example, the United Nations or the European Union ?

Risk factors firms should consider when identifying a jurisdiction’s level of transparency and tax compliance include:

  • Is there information from more than one credible and reliable source that the country has been deemed compliant with international tax transparency and information sharing standards? Is there evidence that relevant rules are effectively implemented in practice? Examples of possible sources include reports by the Global Forum on Transparency and the Exchange of Information for Tax Purposes of the Organisation for Economic Co-operation and Development (OECD), which rate jurisdictions for tax transparency and information sharing purposes; assessments of the jurisdiction’s commitment to automatic exchange of information based on the Common Reporting standard; assessments of compliance with FATF Recommendations 9, 24 and 25 and Immediate Outcomes 2 and 5 by the FATF or FSRBs; and IMF assessments (e.g. IMF staff assessments of offshore financial centres).
  • Has the jurisdiction committed to, and effectively implemented, the Common Reporting Standard on Automatic Exchange of Information, which the G20 adopted in 2014?
  • Has the jurisdiction put in place reliable and accessible beneficial ownership registers?

Risk factors firms should consider when identifying the risk associated with the level of predicate offences to money laundering include:

  • Is there information from credible and reliable public sources about the level of predicate offences to money laundering listed in Article 3(4) of Directive (EU) 2015/849, for example corruption, organised crime, tax crime and serious fraud? Examples include corruption perceptions indices; OECD country reports on the implementation of the OECD’s anti-bribery convention; and the United Nations Office on Drugs and Crime World Drug Report.
  • Is there information from more than one credible and reliable source about the capacity of the jurisdiction’s investigative and judicial system effectively to investigate and prosecute these offences?

Products, services and transactions risk factors

When identifying the risk associated with their products, services or transactions, firms should consider the risk related to:

  • The level of transparency, or opaqueness, the product, service or transaction affords;
  • The complexity of the product, service or transaction; and
  • The value or size of the product, service or transaction.

Risk factors that may be relevant when considering the risk associated with a product, service or transaction’s transparency include:

  • To what extent do products or services allow the customer or beneficial owner or beneficiary structures to remain anonymous, or facilitate hiding their identity? Examples of such products and services include bearer shares, fiduciary deposits, offshore vehicles and certain trusts, and legal entities such as foundations that can be structured in such a way as to take advantage of anonymity and allow dealings with shell companies or companies with nominee shareholders.
  • To what extent is it possible for a third party that is not part of the business relationship to give instructions, for example in the case of certain correspondent banking relationships?

Risk factors that may be relevant when considering the risk associated with a product, service or transaction’s complexity include:

  • To what extent is the transaction complex and does it involve multiple parties or multiple jurisdictions, for example in the case of certain trade finance transactions? Are transactions straightforward, for example are regular payments made into a pension fund?
  • To what extent do products or services allow payments from third parties or accept overpayments where this is would not normally be expected? Where third party payments are expected, does the firm know the third party’s identity, for example is it a state benefit authority or a guarantor? Or are products and services funded exclusively by fund transfers from the customer’s own account at another financial institution that is subject to AML/CFT standards and oversight that are comparable to those required under Directive (EU) 2015/849?
  • Does the firm understand the risks associated with its new or innovative product or service, in particular where this involves the use of new technologies or payment methods?

Risk factors that may be relevant when considering the risk associated with a product, service or transaction’s value or size include:

  • To what extent are products or services cash intensive, as are many payment services but also certain current accounts?
  • To what extent do products or services facilitate or encourage high-value transactions? Are there any caps on transaction values or levels of premium that could limit the use of the product or service for ML/TF purposes?

Delivery channel risk factors

When identifying the risk associated with the way in which the customer obtains the products or services they require, firms should consider the risk related to:

  • The extent to which the business relationship is conducted on a non-face-to-face basis; and
  • Any introducers or intermediaries the firm might use and the nature of their relationship with the firm.

When assessing the risk associated with the way in which the customer obtains the products or services, firms should consider a number of factors including:

  • Is the customer physically present for identification purposes? If they are not, has the firm used a reliable form of non-face-to-face CDD? Has it taken steps to prevent impersonation or identity fraud?
  • Has the customer been introduced by another part of the same financial group and, if
  • so, to what extent can the firm rely on this introduction as reassurance that the customer will not expose the firm to excessive ML/TF risk? What has the firm done to satisfy itself that the group entity applies CDD measures to European Economic Area (EEA) standards in line with Article 28 of Directive (EU) 2015/849?
  • Has the customer been introduced by a third party, for example a bank that is not part of the same group, and is the third party a financial institution or is its main business activity unrelated to financial service provision? What has the firm done to be satisfied that:
    • The third party applies CDD measures and keeps records to EEA standards and that it is supervised for compliance with comparable AML/CFT obligations in line with Article 26 of Directive (EU) 2015/849;
    • The third party will provide, immediately upon request, relevant copies of identification and verification data, inter alia in line with Article 27 of Directive (EU) 2015/849; and
    • The quality of the third party’s CDD measures is such that it can be relied upon?
  • Has the customer been introduced through a tied agent, that is, without direct firm contact? To what extent can the firm be satisfied that the agent has obtained enough information so that the firm knows its customer and the level of risk associated with the business relationship?
  • If independent or tied agents are used, to what extent are they involved on an ongoing basis in the conduct of business? How does this affect the firm’s knowledge of the customer and ongoing risk management?
  • Where a firm uses an intermediary:
    • Are they a regulated person subject to AML obligations that are consistent with those of Directive (EU) 2015/849?
    • Are they subject to effective AML supervision? Are there any indications that the intermediary’s level of compliance with applicable AML legislation or regulation is inadequate, for example has the intermediary been sanctioned for breaches of AML/CFT obligations?
    • Are they based in a jurisdiction associated with higher ML/TF risk? Where a third party is based in a high-risk third country that the Commission has identified as having strategic deficiencies, firms must not rely on that intermediary. However, to the extent permitted by national legislation, reliance may be possible provided that the intermediary is a branch or majority-owned subsidiary of another firm established in the Union, and the firm is confident that the intermediary fully complies with group-wide policies and procedures in line with Article 45 of Directive (EU) 2015/849.9

Assessing ML/TF risk

Firms should take a holistic view of the ML/TF risk factors they have identified that, together, will determine the level of ML/TF risk associated with a business relationship or occasional transaction.

As part of this assessment, firms may decide to weigh factors differently depending on their relative importance.

Weighting risk factors

When weighting risk factors, firms should make an informed judgement about the relevance of different risk factors in the context of a business relationship or occasional transaction. This often results in firms allocating different ‘scores’ to different factors; for example, firms may decide that a customer’s personal links to a jurisdiction associated with higher ML/TF risk is less relevant in light of the features of the product they seek.

Ultimately, the weight given to each of these factors is likely to vary from product to product and customer to customer (or category of customer) and from one firm to another. When weighting risk factors, firms should ensure that:

  • Weighting is not unduly influenced by just one factor;
  • Economic or profit considerations do not influence the risk rating;
  • Weighting does not lead to a situation where it is impossible for any business relationship to be classified as high risk;
  • The provisions of Directive (EU) 2015/849 or national legislation regarding situations that always present a high money laundering risk cannot be over-ruled by the firm’s weighting; and
  • They are able to over-ride any automatically generated risk scores where necessary. The rationale for the decision to over-ride such scores should be documented appropriately.

Where a firm uses automated IT systems to allocate overall risk scores to categorise business relationships or occasional transactions and does not develop these in house but purchases them from an external provider, it should understand how the system works and how it combines risk factors to achieve an overall risk score. A firm must always be able to satisfy itself that the scores allocated reflect the firm’s understanding of ML/TF risk and it should be able to demonstrate this to the competent authority.

Categorising business relationships and occasional transactions

Following its risk assessment, a firm should categorise its business relationships and occasional transactions according to the perceived level of ML/TF risk.

Firms should decide on the most appropriate way to categorise risk. This will depend on the nature and size of the firm’s business and the types of ML/TF risk it is exposed to. Although firms often categorise risk as high, medium and low, other categorisations are possible.